Lab Questions

1. 

In this first lab, you'll install and configure Apache to start and run automatically the next time you boot your computer. You'll also configure the default home page for the local distribution as the default home page for the local computer.

1. 

First, make sure the Apache Web server is installed. If an rpm -q httpd command tells you that it is missing, you haven't installed the Web Server package group. The most efficient way to do so is with the yum install "Web Server" command. (To find appropriate package group names, see the comps-rhel5-server-core.xml file in the Server/repodata subdirectory on the first installation CD, or run the yum groupinfo command.) This assumes a proper connection to a repository; if you're using RHEL 5, this requires a properly enabled subscription to the Red Hat Network. Other update options are covered in Chapter 5.

To configure Apache to start, run the apachectl start command. To make sure it starts the next time you boot your computer, run the chkconfig httpd on command.

Once Apache is installed, you should be able to access it by opening a browser and navigating to http://localhost. You can see in the default Apache configuration file that the DocumentRoot is located in /var/www/html. The default home page is located at /usr/share/doc/HTML/index.html. You can copy that index.html file to the /var/www/html directory and test the result by navigating once again to http://localhost. If you did not copy the other files associated with the default home page, you'll be missing some icons.

2. 

In this lab, you'll configure two Web sites on the local Apache server. Call them big.example.big and small.example.small. Don't forget to create the directories that you need and set up these Web sites on your DNS server or /etc/hosts file. Make sure your Web sites are accessible to users from remote computers on your network. Add an appropriate index.html file to the DocumentRoot for each Web site. Simple Web pages, such as a single line of text, are acceptable (no HTML coding is necessary). Don't forget that SELinux settings need to be compatible with what you configure.

2. 

This lab requires that you create two virtual hosts in the main Apache configuration file, /etc/httpd/ conf/httpd.conf. To make this happen, you should take the following steps:

1. The ServerRoot directive sets the default directory for the Apache server. Any files and directories not otherwise configured-or configured as a relative directory-are set relative to ServerRoot. Don't change this unless you're ready to adjust the SELinux contexts of the new directory accordingly.

2. Set the NameVirtualHost directive to the port (80) serving your intended network audience. Don't assign any IP addresses.

3. Add a VirtualHost container with the same IP address.

4. Assign the ServerAdmin to the e-mail address of this Web site's administrator.

5. Configure a unique DocumentRoot directory.

6. Set the first ServerName to big.example.big.

7. Add ErrorLog and CustomLog directives, and set them to unique file names in the /etc/httpd/ logs directory. With the default ServerRoot, you can use a relative logs directory, such as this:

    ErrorLog logs/big.example.big-error_log 

8. Make sure to close the VirtualHost container (with a </VirtualHost> directive at the end of the stanza).

9. Repeat the process for the second Web site, making sure to set the second ServerName to small.example.small.

10. Close and save the httpd.conf file with your changes.

11. Create any new directories that you configured with the DocumentRoot directives.

12. Create index.html text files in each directory defined by your new DocumentRoot directives. Don't worry about HTML code; a text file is fine for the purpose of this lab.

13. Make sure these domain names are configured in your DNS server or in /etc/hosts. For example, you could add the following lines to /etc/hosts:

     192.168.30.2 big.example.big 192.168.30.2 small.example.small 

14. Use the Security Level Configuration tool (system-config-securitylevel) utility to allow HTTP data through your firewall; see Chapter 15 for more information on this process.

15. Assuming you've enabled SELinux (and the Red Hat Exam Prep guide suggests that you need to do so for the RHCE exam), you'll need to configure appropriate ACLs on the directory associated with the DocumentRoot. For example, if that directory is /virt1, run the following commands:

     # chcon -R -u system_u /virt1/ # chcon -R -t httpd_sys_content_t /virt1 

    Alternatively, disable SELinux if you're allowed to do so. For more information, see Chapter 15.

16. Finally, make sure to run the apachectl restart command to reread the httpd.conf configuration file, so Apache reads your changes. (While the service httpd reload command works as well, apachectl is preferred.)

17. Now you can test the results in the browser of your choice. If it works, the big.example.big and small.example.small domain names should direct you to the index.html files that you created for each Web site.

3. 

Continuing on with Apache, now configure secure versions for each of your two Web sites. Make sure that appropriate directories are available for each secure Web site.

3. 

The basics of this lab are straightforward. You'll need to repeat the same basic steps that you performed in Lab 2; you're just editing the /etc/httpd/conf.d/ssl.conf configuration file. However, you should be concerned about the following:

1. Make sure that the top VirtualHost directive points to the IP address that you're using for your Web server.

2. Set up the DocumentRoot in a directory different from a regular Web server.

3. Configure the ErrorLog and CustomLog separately; select names to associate these log files with the name of the secure Web site.

4. Continuing on with Apache, now configure secure versions for each of your two Web sites. Make sure that appropriate directories are available for each secure Web site.

4. 

Set up a Squid Proxy Server on your computer. Set up access to your LAN on the 10.11.12.0/ 255.255.255.0 network. Assign appropriate values to acl, http_access, and visible_hostname. Set up the cache directories for Squid. Make sure it starts now and automatically the next time you reboot your computer. If there are problems, make sure the SELinux settings are compatible.

4. 

Squid is installed by default when you install the Web Server package group. To configure a Squid Proxy Server for your network, you'll need to configure /etc/squid/squid.conf. Assume the name of your computer is myproxy, and you're arbitrarily assigning mylan as the name for your LAN. If your network IP address is not 10.11.12.0, substitute accordingly. In this file, you'll need to add directives similar to:

 visible_hostname=myproxy acl mylan src 10.11.12.0/255.255.255.0 http_access allow mylan 

Next, set up the Squid directories with the following command:

 # squid -z 

Finally, to configure Squid to start, run the service squid start command. To make sure it starts the next time you boot your computer, run the chkconfig squid on command.

But you'll also need to activate proxy server access in client applications such as Web browsers. Remember that you can do so by pointing your browsers to port 3128.